Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-3508

    A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompr... Read more

    Affected Products : trusted_profile_analyzer
    • Published: Apr. 25, 2024
    • Modified: Jun. 18, 2025

  • 6.8

    MEDIUM
    CVE-2024-33669

    An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS querie... Read more

    • Published: Apr. 26, 2024
    • Modified: Jun. 18, 2025

  • 8.8

    HIGH
    CVE-2025-29885

    An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vuln... Read more

    Affected Products : file_station
    • Published: Jun. 06, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-21558

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily e... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-21548

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto... Read more

    Affected Products : mysql_connector\/python
    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-21528

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 an... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-21526

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0 an... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-33670

    Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictio... Read more

    Affected Products : passbolt_api
    • Published: Apr. 26, 2024
    • Modified: Jun. 18, 2025

  • 4.8

    MEDIUM
    CVE-2025-21502

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle G... Read more

    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-28066

    In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).... Read more

    • Published: Apr. 08, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2024-23084

    Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to de... Read more

    Affected Products : apfloat
    • Published: Apr. 08, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-23086

    Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a ... Read more

    Affected Products : apfloat
    • Published: Apr. 08, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2024-23085

    Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to deter... Read more

    Affected Products : apfloat
    • Published: Apr. 08, 2024
    • Modified: Jun. 18, 2025

  • 8.3

    HIGH
    CVE-2023-40287

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 18, 2025

  • 8.3

    HIGH
    CVE-2023-40288

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 18, 2025

  • 7.2

    HIGH
    CVE-2023-40289

    A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 18, 2025

  • 8.3

    HIGH
    CVE-2023-40290

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 18, 2025

  • 8.3

    HIGH
    CVE-2023-40286

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 18, 2025

  • 6.3

    MEDIUM
    CVE-2024-20280

    A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weak... Read more

    • Published: Oct. 16, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2024-10295

    A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauth... Read more

    Affected Products : 3scale_api_management
    • Published: Oct. 24, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293656 Results